DoT Extends Deadline for Mandatory Testing of Broadband Gears Until Dec 31

The telecom department's communication security wing NCCS has deferred the rollout of mandatory testing of optical fibre-based broadband gears for the third time until December 31, an official notification said.

Industry body VoICE, representing domestic telecom gear makers, has alleged that the mandatory testing has been deferred again amid reluctance by foreign vendors to go for security testing but NCCS has denied the charges.

The National Centre for Communication Security (NCCS) under the Department of Telecommunications (DoT) is responsible for the implementation of 'Communication Security Certification Scheme' (ComSec) to ensure devices installed in telecom networks are safe and secure.

"Optical Network Terminal (ONT) and Optical Line Terminal (OLT) products will be under Voluntary Security Certification (VSC) regime till December 31, 2025. During the VSC period, administrative fee and Security Test Evaluation Fee shall not be levied.

Subsequently, from January 1, 2026, such products shall be mandatorily certified for their compliance with ITSAR under ComSec scheme," the notification dated August 29 said.

ONTs are devices installed at customer premises like modems, wifi routers etc for providing broadband services while OLTs facilitate transmission of broadband signals in the network.

Voice of Indian Communication Technology, Enterprises (VoICE), Director General RK Bhatnagar said, “One of the possible reasons for the extension could be the ongoing tariff negotiation with the US which has raised the compliance as costly and cumbersome.

"The issue is related to 'security' issues and we should not compromise. It will keep the door open for foreign players for more time and domestic players will be forced to share the same market with them even when they are compliance-ready," Bhatnagar said.

An email query sent to foreign vendors such as Cisco, Nokia, and Ericsson did not elicit any reply.

A source representing a European telecom vendor said that the industry has submitted representation to the NCCS through Cellular Operators Association of India (COAI) suggesting changes in the norms.

Telecom industry body COAI had written to NCCS on August 12 seeking exemption for products that are certified by globally-recognised product evaluation and certification schemes of entities such GSMA NESAS (Network Equipment Security Assurance Scheme), GSMA Security Assurance Specifications (SCAs), Federal Information Processing Standards (FIPS) developed by US based National Institute of Standards and Technology (NIST) or Common Criteria which is an international standard for IT product security certification.

When contacted, a DoT spokesperson denied the allegation of extension due to resistance from foreign telecom gear makers.

The spokesperson said that the extension has been granted to simplify the ComSec process and to address the product grouping concerns of Indian startups, MSMEs, etc.

"NCCS has deferred the mandatory security certification of Optical Line Terminals (OLT) and Optical Network Terminals (ONT) by four months. During this period, Voluntary Security Certification will be available. This move is expected to ensure large-scale adoption of security certification by OEMs who make OLTs and ONTs," the spokesperson said.

The National Centre for Communication Security (NCCS), under DoT, has been mandated to implement security testing and certification under the ComSec scheme.

As per the updated framework, OEMs, importers, and dealers who wish to sell, import, or use telecom equipment in India must ensure their products undergo security testing and certification under the said scheme.

"OEMs have customised the product software which has altered the device identity (hash value of software- fingerprint of the software) leading to many different customised devices of same models, the testing of each of these devices will not be cost-effective. NCCS has engaged with the Startups/ OEMs/ industry to simplify the grouping of such products so that security testing is not burdensome to the industry," the spokesperson said.

NCCS is also reviewing the ComSec process to make it simple and effective, the spokesperson said.

The DoT has been deferring the mandatory testing following objections raised mainly by foreign players on various grounds.

The NCCS has already addressed concerns of foreign vendors' apprehensions over the chances of source code leaks. It has been clarified that telecom gear makers can bring the source code on their own media which will not be copied to any device in the Telecom Security Testing Lab (TSTL) while performing source code analysis.

After the test, all intermediate test data will be deleted as well as there will be no manual review of source code avoiding any compromise on intellectual property.

NCCS started the processes of certifying broadband gears with the commencement of voluntary security certification (VSC) of optical network terminal (ONT) from August 1, 2024, and OLTs from September 1, 2024, under which it waived the administrative fee and security test evaluation fee.

The notification mandated certification for ONTs from February 1, 2025, onwards that have not undergone certification for essential requirements (ERs) proposed by the government under mandatory testing norms and were meant to be sold by OEMs or importers in India.

It also said that ONTs which were already installed in networks and proposed to go for a change in hardware or software were asked to go for mandatory certification from April 1, 2025 onwards.

Later, NCCS in December 2024 notified that the VSC regime will end on March 31, after which ONT and OLTs will need to go through mandatory certification to comply with ITSAR (Indian Telecom Security Assurance Requirements) under the ComSec Scheme from April 2025 onwards.

In April 2025, the deadline for VSC was extended for the second time until August 31 from April 1, directing optical fibre-based broadband gear makers to mandatorily get their equipment and products certified under the rules. The third extension has now been given till December 31.